Provisioning and administrative tools for MIT KDC
Greg Wallace
greg at emusoftware.com
Sun Jan 13 17:59:07 EST 2008
Hi All,
At the Fedora Users and Developer Conference yesterday they announced a
new remote maagement project that might be interesting to people following
this thread.
You can find out more about it here: https://fedorahosted.org/func
Best,
Greg
On Thu, January 10, 2008 10:59 pm, Marcus Watts wrote:
> res at qoxp.net replied to Vincenzo.Carnuccio at valueteam.com:
> ...
>> CV> -Is there any API interface (java, c,any other language) to
>> CV> perform administrative operations? (add a principal, change a
>> CV> password, delete a principal)
>>
>>
>> CV> We must perform automatic provisioning via a web application
>> (jsp)
>> CV> so it seems to be not a good solution using the kadmin command
>> via
>> CV> System Calls.
>>
>> CV> The KDC is the MIT's one
>>
>> http://search.cpan.org/~korty/Authen-Krb5-Admin-0.09/Admin.pm
>>
>> CV> Thank you in advance.
>
> The perl module is probably the best available at present.
>
> Recent versions of MIT kerberos should also export a C callable
> api for kadm5. With older versions of MIT this was also possible,
> but required extracting bits from built source for MIT k5.
> If you feel like experimenting, this may help,
> http://mailman.mit.edu/pipermail/krbdev/2007-March/005702.html
>
> There are also possibilities with java. I've got a java library
> that will do this, which I hope to make generally available shortly.
> It's undergoing review and final feature development right now. It uses
> jni and calls into gssrpc. A future version could be pure java, but
> that wasn't feasible right off.
>
> If you want a different java answer - opensolaris has a java library built
> into its source. It uses jni and calls into kadm5. Note CDDL licensing.
> Here's how to fetch a copy,
>
> do this,
> < find a filesystem with lots of space on a machine with mercurial >
> hg clone ssh://anon@hg.opensolaris.org/hg/onnv/onnv-gate
> then look here:
> onnv-gate/usr/src/OPENSOLARIS.LICENSE
> onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.c
> onnv-gate/usr/src/cmd/krb5/kadmin/gui/native/Kadmin.java
> for more on solaris,
> http://opensolaris.org/os/project/onnv/
> You will probably have to work out your own build procedure.
>
> We didn't go with that for various reasons, but maybe it
> can meet your needs.
>
> -Marcus Watts
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
--
Greg Wallace
Co-Founder and CEO
Emu Software, Inc.
Sponsor of the NetDirector Open Management Console Project
www.netdirector.org
o: 617.830.1835
m: 919.247.3165
skype: gregwallaceemu
More information about the Kerberos
mailing list